Analysis
- max time kernel: 149s
- max time network: 153s
- platform: ubuntu-24.04_amd64
- resource: ubuntu2404-amd64-20240523-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
- submitted: 19-12-2024 15:52
Behavioral task: behavioral1
Sample: x86_64.elf
Resource: ubuntu2404-amd64-20240523-en
General
- Target: x86_64.elf
- Size: 76KB
- MD5: 20298e228b90c88533efc7d574affdfb
- SHA1: f42ea8d586accb5ce87f032e984f3661f567f31e
- SHA256: f136e57f0012699ff8ca132a6f5ce47fb6f833cddb9124f234dac51709009734
- SHA512: e11c7913a23c3c1739fc7e89cc835ae38ccc1073f07a7c0667cad70878691deb3b7318539d6140c0ce4927527a4cfdcb8f2a378ca660bfb03a794958159e32ac
- SSDEEP: 1536:Yi1YUwiH1q2S+levBG+2U2hG90hCy2++Eg95YFVC6wAZ:YieGVq2S+0vBGa2cYn2+M95+C6wAZ
Malware Config
Signatures
- Contacts a large (48727) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description | ioc | Process
  File opened for modification | /dev/watchdog | x86_64.elf
  File opened for modification | /dev/misc/watchdog | x86_64.elf
- Enumerates running processes
  Discovers information about currently running processes on the system
- Changes its process name (1 IoCs)
  description | ioc | pid | Process
  Changes the process name, possibly in an attempt to hide itself | KAyqxBYXVTtdGPitwya | 2821 | x86_64.elf